Let's look at why the local connection is not disabled because a virus destroyed the files in the system directory , and the file is a directory
Inside catdb file is damaged, then how do we fix it?
Often, the quickest way we think is a good file directly covering can, to me that I should try it
First, let's remove it
Well, my directory is already empty, and that I have directly removed, then we take a look at how the results, how to test it? ? Disable direct local connection is like, we try
This time we will find very strange, local connection can still disabled, but already emptied folder appeared to be something we deleted again, this is why?
In fact, when Microsoft system protection for cryptsvc ( authentication service) , because it's protected, so we can not completely replace the file, then how should we replace it? This is like the end of the service
First, we use the first command
Tasklist
According to its command us to understand its applications ... It is used to display a variety of tasks running on our machines, and we relate to system services, take a close look
As shown, we found its sub-command, and then enter, enter
We found that the service, the next step, we want to end it relates to the next command taskkill
We can use the taskkill /? To see its usage
Here is what I wrote a batch:
@echo off
@pause
for /f "tokens=2 delims=," %%a in ('tasklist /fi "services eq CryptSvc" /nh /fo csv') do (taskkill /f /fi "pid eq %%~a")
@systeminfo>%tmp%\sys.info
@rem #more %tmp%\sys.info
@more %tmp%\sys.info|findstr "Service Pack 3" && goto 3 || more %tmp%\sys.info|findstr "Service Pack 2" && goto 2||more %tmp%\sys.info|findstr "Service Pack 1" && goto 1
:3
@echo copy file repir System
@copy /v .\sp3\catdb.* %windir%\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\
@goto end
:2
@echo copy file repir System
@copy /v .\sp2\catdb.* %windir%\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\
@goto end
:1
@echo copy file repir System
@copy /v .\sp1\catdb.* %windir%\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\
@goto end
:end
@pause
@shutdown -f
As command
Because the system services PID different may have, we will need to command the automatic determination of tasks performed by the PID , and then automatically go to the end of this program, and then automatically to determine system version, to copy everything from the desktop to the specified folder, to patch the system, and above this command can be completely done
I'll explain more complex things, first of all
Why use the pause command, because after entry causes
This makes the batch more structured, more beautiful, rather than directly address the swarm, and easy to determine the fault
Then, how about ending has been found cryptscv service, according to the above
We can see, pid for the 1040 process, there are a lot of services, and
These systems services are not directly termination, forced termination only
So we can only use the belt / F option directly prohibit
taskkill /f /fi "services eq CryptSvc"
As command, it can be banned,
After the successful termination can be directly covered
Note: explain "the importance of, if not", "", cmd will only recognize the first word, can not be terminated, as shown: they must pay attention to detail, you might write something hard, just less a symbol, hung up
@systeminfo>% tmp% \ sys.info means adding a buffer in the system directory, delete it manually after the end
Again, tell us about
% windir% , the command input path
The system can be found directly WINDOWS directory, because some people like to change the system directory to increase security, so its appearance is necessary, there are interested can look it relative path.
After covering the immediate shutdown -f resumption of direct resolved, it is not very simple and practical?
NOTE : ":" of the above-mentioned description code, such as goto 1, the next line so directly: . 1 -f shudown
After the implementation of this directly shut down
Familiar batch commands and mainly by numerous attempts to DOS familiar commands and produced in the use and structure, able to play simple and convenient, quick action.
Download the attached file: point I downloaded
-----Edit by Andy
Reproduced in: https: //www.cnblogs.com/tstcxxzx/archive/2013/05/05/3061515.html